
Virus everywhere - removed - now redirects and inability to download



#1 digital_dilemma


Posted 07 February 2011 - 11:46 PM

I was getting Generic Host error messages: see pic

Posted Image

The computer would lock up and I'd be forced to shut down to gain use. I could just pull the message over to another monitor and continue to work... for a while. Eventually, I would have to reboot. Ran at the time Avast. Found trojans and lots of spyware. Quarantined. Came back. Downloaded Superantispyware and updated. Eliminated Avast. Ran a full scan. Found viruses and spyware. Quarantined. Restarted. The same problems continued. Installed Malware Bytes. Ran a full scan. Found viruses and spyware. Quarantined. Restarted. The same problems continued. Ran again. Found more. Restarted. Ran immediately. Clean.

Problems continued to surface, mainly manifested as hijackings/redirects in my browser. At first, it was only within I.E.8. I could use Mozilla Firefox without incident. For a day. Finally showed up when using Firefox. Ran Malwarebytes. Found trojans. Quarantined. Restarted. Clean after running again. Half an hour later, the redirects appear. Downloaded and installed Microsoft Security Essentials. Ran it after updating. Found viruses and spyware. Deleted these. Ran again. Clean.

Problems with browser hijacks have continued to the point where I can no longer download. The download is cancelled. I've run both Malwarebytes and MS Security Essentials. Neither came up with any infections, but the problems persist. The browsers eventually stop working, executables won't download and my click on links gets redirected.

I've had problems in the past and always have been able to rid myself of any issues, but this has me completely stumped and I need someone to help me learn things that I might do. At the suggestion of a friend I disabled the Windows Acquisition Service but can't see that it gave me any benefit.

As another note, I recently placed two used 1GB memory modules in my laptop to replace the two 512MB memory modules. These were used. Is it possible that the problem is embedded within these?

I leave myself open for any suggestions or processes to undertake. I can always reinstall, but I have some software items, such as Adobe PDF Professional, that I no longer have the disks, so I'd prefer to not go this route unless absolutely essential.

Thanks in advance for the consideration and assistance.

digital_dilemma

Edited by Blade Zephon, 08 February 2011 - 12:06 AM.
Moved from XP to AII. ~BZ




#2 Blade


Posted 08 February 2011 - 12:08 AM

Hello.

Let's give this a shot.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip, which appears to be an older version (2.3.2.2) of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 digital_dilemma


Posted 08 February 2011 - 12:30 AM

Well... before you replied, my friend suggested the same. I downloaded from Kaspersky and ran the program. It found Rootkit.Win32.TDSS.tdl4. I ran the cure and rebooted. Unfortunately, I ran it again to check before seeing your post, so my report has since changed. However, in the interest of verifying, here it is:

2011/02/07 23:24:39.0390 2868 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/07 23:24:39.0609 2868 ================================================================================
2011/02/07 23:24:39.0609 2868 SystemInfo:
2011/02/07 23:24:39.0609 2868
2011/02/07 23:24:39.0609 2868 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/07 23:24:39.0609 2868 Product type: Workstation
2011/02/07 23:24:39.0609 2868 ComputerName: CABLEMAN
2011/02/07 23:24:39.0609 2868 UserName: Administrator
2011/02/07 23:24:39.0609 2868 Windows directory: C:\WINDOWS
2011/02/07 23:24:39.0609 2868 System windows directory: C:\WINDOWS
2011/02/07 23:24:39.0609 2868 Processor architecture: Intel x86
2011/02/07 23:24:39.0609 2868 Number of processors: 1
2011/02/07 23:24:39.0609 2868 Page size: 0x1000
2011/02/07 23:24:39.0609 2868 Boot type: Normal boot
2011/02/07 23:24:39.0609 2868 ================================================================================
2011/02/07 23:24:40.0078 2868 Initialize success
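
Added example, not part of the original thread and not Kaspersky's code: a small Python parser for the log layout shown in the post above (timestamp, numeric id, message). It pulls out the tool version and the SystemInfo fields and reports whether a paste stops at start-up, as this one does. The function names are hypothetical, and treating `Initialize success` as the end of start-up is an assumption drawn only from the lines on this page.

```python
import re
from datetime import datetime

# Sample input: an excerpt of the log posted above.
SAMPLE_LOG = """\
2011/02/07 23:24:39.0390 2868 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/07 23:24:39.0609 2868 ================================================================================
2011/02/07 23:24:39.0609 2868 SystemInfo:
2011/02/07 23:24:39.0609 2868
2011/02/07 23:24:39.0609 2868 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/07 23:24:39.0609 2868 Windows directory: C:\\WINDOWS
2011/02/07 23:24:39.0609 2868 Boot type: Normal boot
2011/02/07 23:24:39.0609 2868 ================================================================================
2011/02/07 23:24:40.0078 2868 Initialize success
"""
LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.(\d+) (\d+)(?: (.*))?$")

def parse_log(text):
    """Split a pasted log into tool version, SystemInfo fields and other messages."""
    out = {"tool_version": None, "system": {}, "messages": [], "unparsed": []}
    in_sysinfo = False
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            if raw.strip():
                out["unparsed"].append(raw)   # paste damage, wrapped lines, etc.
            continue
        stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = (m.group(4) or "").strip()
        if not msg:
            continue                          # timestamp-only spacer line
        if set(msg) == {"="}:                 # separator closes the SystemInfo block
            in_sysinfo = False
        elif msg == "SystemInfo:":
            in_sysinfo = True
        elif in_sysinfo and ": " in msg:
            key, value = msg.split(": ", 1)   # split on the first ": " only
            out["system"][key] = value
        else:
            v = re.match(r"TDSS rootkit removing tool (\S+)", msg)
            if v:
                out["tool_version"] = v.group(1)
            else:
                out["messages"].append((stamp, int(m.group(3)), msg))
    return out

def header_only(parsed):
    """True when the paste stops at start-up, i.e. holds no scan output to review."""
    return [m for _, _, m in parsed["messages"]] in ([], ["Initialize success"])
```

A helper reviewing a pasted log can use `header_only` to tell a truncated paste from a complete one before drawing conclusions from it; anything in `unparsed` points to lines mangled by the forum editor.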

#4 Blade


Posted 08 February 2011 - 11:11 PM

Hello.

Glad to hear the tool worked.

How's the computer running?





